Friday, July 1, 2016

Even if Guccifer 2.0 Is a Disinformation Puppet, Russians Aren't Necessarily the Ones Pulling His Strings

Anything is possible with Guccifer 2.0. He may be an independent Romanian hacker (as he says). He may be part of a disinformation campaign managed by Russia (as CrowdStrike suggests). He may even be part of a disinformation campaign managed by CrowdStrike (as I fear). Given the secrecy with which hackers necessarily cloak themselves, there are infinite other possibilities.

After Guccifer 2.0 posted his latest leak in the early hours of June 30th, corporate media was silent about the freshest documents--but loud about wondering whether Guccifer 2.0 is who he says he is or who CrowdStrike says he is (as if there are no other possibilities). Here's a representative paragraph from an Inverse article that received a lot of attention yesterday:

CrowdStrike said it is investigating whether the hacker’s public
statements are part of a Russian disinformation campaign or just a lone
hacker looking to steal credit, but as of June 15, they said their
internal findings that Guccifer 2.0 was connected to Russian intelligence services had not changed.

Is the purpose of that paragraph to raise questions about Guccifer 2.0 in the spirit of open and honest inquiry--or to foreclose discussion by setting up a false dichotomy?

Based on a DM exchange I had with Guccifer 2.0 two days ago, I remain concerned about the possibility that he is neither who he says he is nor who CrowdStrike says he is.

In the course of our conversation, Guccifer 2.0 gave me permission to summarize his remarks as long as I don't quote him directly. It's a weird request, but one that I'll honor just in case he turns out to be genuine.

The most thrilling (and terrifying) moment of the conversation came when he offered to send me hacked files from the DNC for analysis on my blog. I suspect (though he didn't say so) that he made similar arrangements with The Smoking Gun for the article that appeared on the 28th concerning the Clinton campaign's method of monitoring journalists. However, since that article focuses on the "spear phishing" method of entry via Gmail (the central premise of CrowdStrike's argument) instead of a zero-day exploit providing access to NGP VAN (Guccifer 2.0's own central premise), The Smoking Gun's perspective leaves me more confounded than enlightened.

As an independent blogger, I don't have the legal resources (or protections) available to writers at The Smoking Gun. So here's the response I gave (which is fair game, since I can quote myself without quoting the hacker):

Of course I'm interested, but I'll have to get some legal advice before
sharing such documents publicly--or even reviewing them. I hope you're
familiar with the U.S. government's "chilling effects" campaign and the
way it impacted Barrett Brown. I fully intend to exercise all the rights
I'm guaranteed as a U.S. citizen, but I'm unwilling to do anything
illegal. I hope that's a satisfactory answer.

In fact, this post is far less about what Guccifer 2.0 said to me than what I said to him--and what I fear other bloggers with short memories (or shallow educations concerning recent U.S. history in the cybercrime arena) might have said instead.

Guccifer 2.0 appears to be overwhelmed by the amount of information at his disposal. If his situation is what he claims, then he needs help, and I hope that qualified journalists with the appropriate resources will give him just the help he needs.

However, an unsuspecting blogger who uncritically publicizes hacked information from an unknown source such as Guccifer 2.0 could very easily fall into a far worse trap than the one that landed Barrett Brown in jail.

I know I'm a broken record on this subject, but the Stratfor hack (which happened on Shawn Henry's watch at the FBI) brought all sorts of hacktivists together in a spirit of cooperation and trust. The FBI's informant Hector Monsegur (aka Sabu) connected Hyrriiya (the still unidentified hacker with a zero-day exploit for cracking Stratfor) with Jeremy Hammond (the activist who was subsequently imprisoned for using that exploit) and Brown (the journalist who was subsequently prosecuted, at first over little more than posting a link to data made available through that exploit, and imprisoned). In doing so, Monsegur set hacktivism back even as he coordinated a stunt that seemed likely to advance its cause.

To this day, Monsegur claims that even though he was working as an FBI informant at the time of the Stratfor hack, AntiSec operated essentially on its own--without guidance from his FBI handlers.

But how can he know that?

How can he know that the person hiding behind the Hyrriiya screen name wasn't a government operative enticing him to do exactly what he ended up doing? As Ars Technica reports:

At the instruction of the FBI, Monsegur offered Hammond a server to
store the data being extracted from Stratfor. Hammond agreed, and told
others that they would use Monsegur's server as a "first base of
operations" before moving it elsewhere.

It's undeniable that Henry's FBI allowed the Stratfor hack to proceed long after they knew it was underway, so why should we assume that they had nothing to do with selecting the target?

And why should we rule out the possibility that Guccifer 2.0 is a pawn (witting or unwitting) of Henry's CrowdStrike? If you think that's outrageous because Guccifer 2.0 only brings more attention to the DNC hack, which is a major source of embarrassment to CrowdStrike, think again. In the first place, the narrative from the DNC and CrowdStrike has put Henry's company in a no-lose situation because it wasn't brought in until after the breach was detected. In the second place, the Guccifer 2.0 story is receiving scant media coverage, and what little coverage it does receive has nothing to do with the leaked information itself. And in the third place, the entire Guccifer 2.0 affair could quite easily end up taking the air out of the forthcoming leak from WikiLeaks.

Like Sabu, Guccifer 2.0 comes across as a lovable hacktivist who is giving the finger to the powers that be in a world that is turning into one giant surveillance state before our eyes. Of course he's a sympathetic figure. Of course we want to help him. Of course he seems trustworthy: He's doing exactly what we all wish we could do by exposing what he's found behind a curtain of corruption.

But that doesn't mean we should trust him any more than Brown and Hammond should have trusted Monsegur.